Resources
The EU AI Act whitepaper series
Three practitioner-level papers on provider compliance, governance ROI, and deployer obligations — written from how compliance teams actually implement the Act, not just what it says. Free, direct download, no email required.
- 3
- Practitioner-level whitepapers
- 23
- Combined pages of frameworks, mappings & templates
- 4
- EU AI Act articles decoded, per paper
- 0
- Email addresses required to download
White Paper 1 of 3
EU AI Act Series · 8 pages
EU AI Act Compliance for High-Risk AI Providers
A practitioner framework for technical documentation, conformity assessment, and post-market monitoring under Chapter III.
The EU AI Act's high-risk enforcement deadline is 2 August 2026. This paper is a practitioner-level framework for the three obligations that define provider compliance: the Annex IV Technical File, the conformity assessment procedure, and the post-market monitoring system — and why organisations that treat them as one integrated programme achieve compliance at roughly a fifth of the cost.
2 Aug 2026
High-risk enforcement deadline
€35M / 7%
Max fine — prohibited practices
€15M / 3%
Max fine — documentation failures
10 years
Technical File retention (Art. 18)
What’s inside
- 01The High-Risk Classification Framework
- 02Building the Annex IV Technical File
- 03Quality Management System (Article 17)
- 04Conformity Assessment Pathways
- 05Post-Market Monitoring (Article 72)
- 06The 2026 Compliance Roadmap
White Paper 2 of 3
EU AI Act Series · 7 pages
AI Governance Framework: ISO 42001 & the ROI of Early Compliance
Integrating international standards with EU AI Act obligations to build durable, commercially valuable AI governance.
The EU AI Act mandates specific governance structures while ISO/IEC 42001 provides the international management system standard for responsible AI. This paper maps ISO 42001 controls directly to EU AI Act obligations, lays out a four-layer governance architecture that satisfies both, and builds the financial case: organisations that use ISO 42001 as the infrastructure for AI Act compliance spend 30–40% less than those running parallel programmes.
70–75%
ISO 42001 controls mapping to EU AI Act
5–10×
Cost multiplier — reactive vs. proactive
18 months
Typical commercial payback
30–40%
Cost saving — integrated vs. parallel
What’s inside
- 01ISO 42001 and the EU AI Act: Different Instruments, Shared Goals
- 02The Complete ISO 42001 → EU AI Act Mapping
- 03The Four-Layer AI Governance Architecture
- 04Technical Debt vs. Regulatory Debt: The Cost Model
- 05The Commercial Revenue Case for Compliance
- 06The Harmonised Standards Trajectory
White Paper 3 of 3
EU AI Act Series · 8 pages
Deployer Obligations: Human Oversight, FRIA & AI Literacy
A practical guide to Articles 26, 14, 27, and 4 for EU AI Act deployers in 2026.
Buying AI from a compliant provider does not transfer the compliance obligation — Article 26 creates a distinct set of deployer duties from the moment a high-risk system goes live. This paper covers the three most commonly under-addressed obligations: human oversight (Article 14), Fundamental Rights Impact Assessments (Article 27), and AI literacy training (Article 4) — and why each is an organisational capability challenge, not a documentation exercise.
Art. 26
9 distinct deployer obligations
Art. 14
5 enumerated oversight capabilities
Art. 27
FRIA mandatory for banks, insurers, public bodies
Art. 4
AI literacy — role- and system-specific
What’s inside
- 01Article 26: The Deployer's Nine Obligations
- 02Article 14: Engineering Meaningful Human Oversight
- 03Automation Bias: The Compliance Risk Inside Every Oversight Process
- 04Article 27: Fundamental Rights Impact Assessment
- 05The Combined FRIA + DPIA: Section-by-Section Template
- 06Article 4: AI Literacy Training — Role-Differentiated Framework
FAQ
Before you download.
Do I need to provide my email to download?
No. All three whitepapers are free, direct PDF downloads — no email gate, no form. Read them, share them, print them.
Do I need to read them in order?
No, each paper stands alone. Paper 1 is for providers, Paper 2 is for governance and risk leadership, and Paper 3 is for deployers — read whichever matches your role, or all three if you touch more than one side of the Act.
Are these legal advice?
No. These are practitioner frameworks built from how compliance teams across sectors actually implement the EU AI Act — useful for planning and structuring your programme, but not a substitute for advice from qualified counsel on your specific situation.
Will you publish more whitepapers?
Yes — this EU AI Act series is the first of several. Future papers will cover NIST AI RMF, ISO 42001 certification in depth, and frameworks beyond the EU. Check back, or follow our blog for release announcements.
Turn these frameworks into a live compliance programme.
14-day free trial · No credit card · Full access to every feature.